Changeset 56956 in webkit

Timestamp:

Apr 1, 2010 5:44:03 PM (14 years ago)

Author:

eric@webkit.org

Message:

2010-04-01 Chris Evans <​cevans@chromium.org>

Reviewed by Adam Barth.

Add test for XSLT NULL crash:
​https://bugs.webkit.org/show_bug.cgi?id=36804

• LayoutTests/fast/xsl/xslt-bad-import-uri.html: added
• LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt: added
• LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml: added
• LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl: added

2010-04-01 Chris Evans <​cevans@chromium.org>

Reviewed by Adam Barth.

Fix a NULL pointer crash if @import fails to load a stylesheet.

​https://bugs.webkit.org/show_bug.cgi?id=36804

Test: fast/xsl/xslt-bad-import-uri.html

• xml/XSLStyleSheetLibxslt.cpp: (WebCore::XSLStyleSheet::parseString): Handle an empty string gracefully. An empty string has a NULL buffer, which we pass in to xmlCreateMemoryParserCtxt(). It returns NULL if it is passed a NULL buffer. In the top-level XSL case, the current code does not crash "by luck" because the other APIs used can handle a NULL argument. In the @import case, additional code runs which will deference the NULL.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml (added)
• LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl (added)
• LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt (added)
• LayoutTests/fast/xsl/xslt-bad-import-uri.html (added)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/xml/XSLStyleSheetLibxslt.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2010-04-01  Chris Evans  <cevans@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Add test for XSLT NULL crash:
+        https://bugs.webkit.org/show_bug.cgi?id=36804
+
+        * LayoutTests/fast/xsl/xslt-bad-import-uri.html: added
+        * LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt: added
+        * LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml: added
+        * LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl: added
+
 2010-04-01  Alexey Proskuryakov  <ap@apple.com>
 

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-04-01  Chris Evans  <cevans@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Fix a NULL pointer crash if @import fails to load a stylesheet.
+
+        https://bugs.webkit.org/show_bug.cgi?id=36804
+
+        Test: fast/xsl/xslt-bad-import-uri.html
+
+        * xml/XSLStyleSheetLibxslt.cpp:
+        (WebCore::XSLStyleSheet::parseString):
+          Handle an empty string gracefully. An empty string has a NULL
+          buffer, which we pass in to xmlCreateMemoryParserCtxt(). It returns
+          NULL if it is passed a NULL buffer.
+          In the top-level XSL case, the current code does not crash "by luck"
+          because the other APIs used can handle a NULL argument. In the
+          @import case, additional code runs which will deference the NULL.
+
 2010-04-01  Alexey Proskuryakov  <ap@apple.com>
 

trunk/WebCore/xml/XSLStyleSheetLibxslt.cpp

@@ -155 +155 @@
 
     xmlParserCtxtPtr ctxt = xmlCreateMemoryParserCtxt(buffer, size);
+    if (!ctxt)
+        return 0;
 
     if (m_parentStyleSheet) {